Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-14337
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote malicious user to retrieve pages from the default organization and verify existing usernames. The highest threat from this vuln...
Redhat Ansible Tower 3.0.0
2.1
CVSSv2
CVE-2020-10782
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this v...
Redhat Ansible Tower 3.7.0
3.7
CVSSv2
CVE-2020-10744
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18...
Redhat Ansible Tower
Redhat Ansible
1.9
CVSSv2
CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules a...
Redhat Ansible Tower
Redhat Ansible Engine
Debian Debian Linux 10.0
1.9
CVSSv2
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x prior to 2.7.17 and 2.8.x prior to 2.8.11 and 2.9.x prior to 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as ass...
Redhat Ansible Tower
Redhat Ansible Engine
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Ceph Storage 2.0
Redhat Storage 3.0
Redhat Openstack 13
Redhat Openstack 15
Debian Debian Linux 10.0
3.6
CVSSv2
CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x before 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrit...
Redhat Ansible Engine
Redhat Ansible Tower 3.0
4
CVSSv2
CVE-2020-1741
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, coul...
Redhat Openshift Container Platform 3.11
4.6
CVSSv2
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x prior to 2.9.3, 2.8.x prior to 2.8.8, 2.7.x prior to 2.7.16 and previous versions, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craf...
Redhat Ansible Engine
Redhat Cloudforms Management Engine 5.0
Redhat Ceph Storage 3.0
Redhat Ansible Tower 3.0.0
Redhat Openstack 13
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
3.6
CVSSv2
CVE-2020-10684
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x before 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker co...
Redhat Openstack 10
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
1 Github repository
4.4
CVSSv2
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-oper...
Redhat Openshift 4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »